GDPR Requirements

GDPR: Is Your Company Ready?

What is GDPR?

GDPR stands for ‘General Data Protection Regulation’ which is a new regulation coming into play as from 25 May 2018 which aims to protect personal data of EU residents. This is set to replace the outdated data protection directive from 1995. It also covers and regulates the import and export of personal data outside of the EU.This will apply to anyone that process payments on an online shop or deals with any mailing lists etc. As a bare minimum you should be secure your website with an SSL.GDPR requires you to do the following:

• Requiring the consent of subjects for data processing
• Anonymizing collected data to protect privacy
• Providing data breach notifications
• Safely handling the transfer of data across borders
• This requires particular companies to a appoint a data protection officer to oversee GDPR compliancy

Why do I need to worry about this?If you’re running a business that is currently dealing with users data, things are going to be made a lot tighter. For anyone that isn’t compliant with the regulations, you can face a fine up to 20million, or up to 4% of the annual worldwide turnover of preceding financial year.

What can you do about this?

There are things you can put in place to ensure that you are always compliant with GDPR.Create a data protection planMost companies already have a plan in place, but this will need to be reviewed and updated to make sure that it aligns with the new GDPR requirements.Implement measures to mitigate risksThe GDPR requires that companies report any breaches that happened within 72 hours. Make sure that you are adequately prepared to respond and report any problems.